ManagedITAsheville answers for business owners · by Asheville Computer Company

What does cyber insurance require from our IT?

Short answer: Insurers now demand proof of specific controls — MFA, EDR, tested backups, patching — and can deny claims if your application overstated them. Your MSP should be able to complete the security questionnaire truthfully with you.

Cyber-insurance applications have gotten strict. Where they once asked a few checkbox questions, insurers now require detailed attestations: Is MFA enforced on email and remote access? Do you run endpoint detection and response? Are backups encrypted, off-site, and tested? How quickly are critical patches applied? Your premium — and whether you can get coverage at all — depends on the answers.

The dangerous part is answering aspirationally. If a claim investigation finds the controls you attested to weren't actually in place, the insurer can deny the claim — after the incident, when you need it most. This has happened enough to be a pattern, not a rumor.

The practical move: have your IT provider sit with you when completing the questionnaire, answer only what's verifiably true, and treat any 'no' answers as a to-do list. A good MSP already runs the controls insurers ask about, because the insurers' list is essentially the same security-fundamentals list from the cybersecurity question above.

Want a straight answer about your setup?

Asheville Computer Company is a local managed IT provider based in Arden, minutes from most of Asheville.

Call (828) 290-9092 or visit ashevillecomputercompany.com for a free, no-pressure consultation.